Web Security Flashcards by Aleksei Saunders

Define Weakness

A Condition that could introduce a vulnerability

How well did you know this?

Not at all

Perfectly

Define Vulnerability

A Defect with security consequences

How well did you know this?

Not at all

Perfectly

Define a Threat

A potential danger to the system

How well did you know this?

Not at all

Perfectly

Define an Attack

An attempt to compromise, disrupt, or gain unauthorized access to the system

How well did you know this?

Not at all

Perfectly

Define an Exploit

A method to bypass security measures

How well did you know this?

Not at all

Perfectly

What does TTP stand for in the realm of network threats and attacks?

TTP stands for Tactics, Techniques, and Procedures - each tactic (the What) can have multiple techniques (the How) associated with it. Procedures are real-life examples of technique use.

How well did you know this?

Not at all

Perfectly

What is a Threat?

A Threat is something that directly impacts operational activities in a negative way.

How well did you know this?

Not at all

Perfectly

What is a Vulnerability?

A Vulnerability is a weakness in a piece of software, system, or procedure that may be exploited or triggered by a threat source.

How well did you know this?

Not at all

Perfectly

What is the CIA triad in terms of cybersecurity?

The CIA triad is Confidentiality, Integrity and Availability

How well did you know this?

Not at all

Perfectly

How well did you know this?

Not at all

Perfectly

What does OSI stand for?

Open Systems Interconnection

How well did you know this?

Not at all

Perfectly

How many layers are in the OSI Model?

Seven layers

How well did you know this?

Not at all

Perfectly

What is the function of OSI Layer 1 (Physical)?

Transmitting raw bits over a physical medium using electrical, optical, or radio signals.

How well did you know this?

Not at all

Perfectly

What is the function of OSI Layer 2 (Data Link)?

Transmitting frames between devices on the same local network using MAC addresses.

How well did you know this?

Not at all

Perfectly

What device primarily operates at OSI Layer 2?

A network switch

How well did you know this?

Not at all

Perfectly

What is the function of OSI Layer 3 (Network)?

Routing packets between different networks using IP addresses.

How well did you know this?

Not at all

Perfectly

What device primarily operates at OSI Layer 3?

A router

How well did you know this?

Not at all

Perfectly

What is the function of OSI Layer 4 (Transport)?

Providing end-to-end data delivery, segmentation, reassembly, and port addressing.

How well did you know this?

Not at all

Perfectly

Which two main protocols operate at the Transport layer?

TCP and UDP

How well did you know this?

Not at all

Perfectly

How does TCP differ from UDP?

TCP is reliable and ordered; UDP is connectionless and faster but unreliable.

How well did you know this?

Not at all

Perfectly

What is the function of OSI Layer 5 (Session)?

Establishing, managing, and terminating communication sessions.

How well did you know this?

Not at all

Perfectly

What is the function of OSI Layer 6 (Presentation)?

Formatting, encrypting, compressing, and encoding data.

How well did you know this?

Not at all

Perfectly

What is the function of OSI Layer 7 (Application)?

Providing network services directly to user applications.

How well did you know this?

Not at all

Perfectly

What layer of the OSI Model is responsible for encryption?

Presentation Layer (Layer 6)

How well did you know this?

Not at all

Perfectly

What does TCP/IP stand for?

Transmission Control Protocol/Internet Protocol

How many layers are in the TCP/IP model?

Four layers

What are the four TCP/IP layers?

Network Access, Internet, Transport, Application

Which OSI layers are combined into TCP/IP's Network Access layer?

OSI Layers 1 and 2 (Physical and Data Link)

Which OSI layer corresponds to the TCP/IP Internet layer?

OSI Layer 3 (Network)

Which OSI layers are combined into the TCP/IP Application layer?

OSI Layers 5-7 (Session, Presentation, Application)

What is encapsulation in networking?

The process of adding headers and/or trailers to data as it moves down the network stack.

What is decapsulation in networking?

The process of removing headers and/or trailers as data moves up the network stack.

What is a protocol in network communication?

A standard, or set of rules, for communication between devices.

What address type is associated with the Data Link Layer?

MAC Address (Media Access Control)

What is the makeup of a MAC Address?

48 bits long: first 24 bits identify the manufacturer, second 24 bits are a unique identifier for the node.

What is the purpose of a MAC Address?

A MAC Address serves as a unique identifier (serial number) for network interfaces.

What devices are associated with the Data Link Layer?

Switches and Bridges

What is the data unit associated with the Data Link Layer?

Ethernet Frame

What address type is associated with the Network Layer?

IP Address

What devices are associated with the Network Layer?

Routers and Firewalls

What is the data unit associated with the Network Layer?

Packets

What address type is associated with the Transport Layer?

Ports

What is the data unit associated with the Transport Layer?

Segments

What does TCP stand for?

Transmission Control Protocol

What does UDP stand for?

User Datagram Protocol

What does FTP stand for?

File Transfer Protocol

What does SFTP stand for?

Secure File Transfer Protocol (or SSH File Transfer Protocol)

What port does FTP use?

Port 21

What port does SFTP use?

Port 22

What does SSH stand for?

Secure Shell (or Secure Socket Shell)

What port does SSH use?

Port 22

What does Telnet allow?

Logging into another computer on the same network (unencrypted remote access).

What port does Telnet use?

Port 23

What does SMTP stand for?

Simple Mail Transfer Protocol

What ports are associated with SMTP?

Port 25 (unsecured, server-to-server) and Port 587 (secured, client-to-server)

What does IMAP stand for?

Internet Mail Access Protocol

What is IMAP used for?

Accessing or retrieving email from a server while keeping messages stored on the server.

What ports are associated with IMAP?

Port 143 (insecure) and Port 993 (secure)

What does NTP stand for?

Network Time Protocol

What is NTP used for?

Synchronizing time across computer networks.

What port does NTP use?

Port 123

What does DNS stand for?

Domain Name System

What port does DNS use?

Port 53

What does DoT stand for?

DNS over TLS (Transport Layer Security)

What port does DoT use?

Port 853

What does HTTP stand for?

Hypertext Transfer Protocol

What does HTTPS stand for?

Hypertext Transfer Protocol Secure

What port does HTTP use?

Port 80

What port does HTTPS use?

Port 443

What does SNMP stand for?

Simple Network Management Protocol

What does SNMP do?

Manages how devices on a network share information, monitors network performance, identifies devices, and tracks network changes.

What ports does SNMP use?

Ports 161 and 162

What does LDAP stand for?

Lightweight Directory Access Protocol

What is LDAP used for?

Looking up user information, contact information, and network resources like email systems, printers, and user accounts.

What port does LDAP use?

Port 389

What does LDAPS stand for?

Lightweight Directory Access Protocol Secure

What port does LDAPS use?

Port 636

Why are network models organized into layers?

To separate concerns, simplify understanding, and allow independent development and troubleshooting of network functions.

What does it mean when a device is described as "Layer 7 capable"?

It can inspect or operate on application-layer data.

What does the presence of an address on a device suggest about security?

The device is susceptible to spoofing or impersonation as an attack vector.

Web Security Flashcards

(80 cards)